Large rework to enable sending pull requests as user.

apps/.gitignore

@@ -0,0 +1,2 @@
+*-build
+*.pem

apps/Makefile

@@ -0,0 +1,35 @@
+# Copyright 2021 OpenROAD Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+include common/config.mk
+
+APPS=pull-request-sender pull-request-sender-auth-check
+
+env:
+	virtualenv env
+	source env/bin/activate; pip install -r pull-request-sender/requirements.txt
+	source env/bin/activate; pip install -r pull-request-sender-auth-check/requirements.txt
+
+enter:
+	source env/bin/activate; bash
+
+build:
+	for A in $(APPS); do (cd $$A; make build); done
+
+deploy:
+	make build
+	(cd common; yes | gcloud --project=$(PROJECT_ID) datastore indexes create index.yaml)
+	for A in $(APPS); do (cd $$A; make deploy); done

apps/common/.dockerignore

@@ -0,0 +1,7 @@
+Dockerfile
+README.md
+*.pyc
+*.pyo
+*.pyd
+__pycache__
+.pytest_cache

apps/common/Dockerfile

@@ -0,0 +1,23 @@
+# Use the official lightweight Python image.
+# https://hub.docker.com/_/python
+FROM python:3.9-slim
+
+# Allow statements and log messages to immediately appear in the Knative logs
+ENV PYTHONUNBUFFERED True
+
+# Copy local code to the container image.
+ENV APP_HOME /app
+WORKDIR $APP_HOME
+COPY . ./
+RUN find | sort
+RUN mkdir /keys
+
+# Install production dependencies.
+RUN pip install -r requirements.txt
+
+# Run the web service on container startup. Here we use the gunicorn
+# webserver, with one worker process and 8 threads.
+# For environments with multiple CPU cores, increase the number of workers
+# to be equal to the cores available.
+# Timeout is set to 0 to disable the timeouts of the workers to allow Cloud Run to handle instance scaling.
+CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 app:app

apps/common/config.mk

@@ -0,0 +1,18 @@
+# Copyright 2021 OpenROAD Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+PROJECT_ID=openroad-robot
+REGION=us-central1

apps/common/db.py

@@ -0,0 +1,121 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Copyright 2021 OpenROAD Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+
+import datetime
+import pprint
+import requests
+import urllib
+
+
+from google.cloud import ndb
+
+
+class Token(ndb.Model):
+    login = ndb.StringProperty(indexed=True, required=True)
+    access_token = ndb.StringProperty(required=True)
+    expires_in = ndb.IntegerProperty(required=True)
+    refresh_token = ndb.StringProperty(required=True)
+    refresh_token_expires_in = ndb.IntegerProperty(required=True)
+    token_type = ndb.StringProperty(required=True)
+    updated = ndb.DateTimeProperty(auto_now=True)
+    created = ndb.DateTimeProperty(auto_now_add=True)
+
+    def to_table(self):
+        c = (datetime.datetime.utcnow() - self.created).seconds
+        u = (datetime.datetime.utcnow() - self.updated).seconds
+        ein = self.created + datetime.timedelta(seconds=self.expires_in)
+        rin = self.created + datetime.timedelta(seconds=self.refresh_token_expires_in)
+        return f"""\
+  <table>
+   <tr><th>Login             </th><td>{self.login}                        </td><td>              </td></tr>
+   <tr><th>Created           </th><td>{c}s ago                            </td><td>{self.created}</td></tr>
+   <tr><th>Last updated      </th><td>{u}s ago                            </td><td>{self.updated}</td></tr>
+   <tr><th>Auth Expires In   </th><td>t + {self.expires_in}s              </td><td>{ein}         </td></tr>
+   <tr><th>Refresh Expires In</th><td>t + {self.refresh_token_expires_in}s</td><td>{rin}         </td></tr>
+   <tr><th>Type              </th><td>{self.token_type}                   </td><td>              </td></tr>
+  </table>
+"""
+
+    def to_html(self):
+        return f"""\
+<html>
+ <body>
+{self.to_table()}
+ </body>
+</html>
+"""
+
+    @classmethod
+    def latest(cls, login):
+        with client.context():
+            q = cls.query().filter(cls.login==login).order(-cls.created)
+            for t in q:
+                return t
+
+    @classmethod
+    def delete(cls, login):
+        with client.context():
+            q = cls.query().filter(cls.login==login).order(-cls.created)
+            for t in q:
+                t.key.delete()
+
+    @classmethod
+    def from_response(cls, login, d):
+        od = dict(urllib.parse.parse_qsl(d.text))
+
+        if 'error' in od:
+            ods = pprint.pformat(od)
+            return f"""\
+<html>
+ <body>
+  <a href="{od['error_uri']}">{od['error_description']}</a>
+  <br>
+  <pre>{ods}</pre>
+ </body>
+</html>
+"""
+        # Use the token to figure out the username of the user associated with the
+        # token.
+        headers = {
+            "Accept": "application/vnd.github.v3+json",
+            "Authorization": f"{od['token_type']} {od['access_token']}",
+        }
+        ud = requests.get(
+            url="https://api.github.com/user",
+            headers=headers,
+        ).json()
+        assert ud['login'] == login, (ud['login'], login)
+
+        od['login'] = login
+        return cls.from_json(od)
+
+    @classmethod
+    def from_json(cls, od):
+        assert 'access_token' in od, od
+        assert 'token_type' in od, od
+        assert 'expires_in' in od, od
+        od['expires_in'] = int(od['expires_in'])
+        assert 'refresh_token' in od, od
+        assert 'refresh_token_expires_in' in od, od
+        od['refresh_token_expires_in'] = int(od['refresh_token_expires_in'])
+        return cls(**od)
+
+
+client = ndb.Client()

apps/common/inc.mk

@@ -0,0 +1,72 @@
+# Copyright 2021 OpenROAD Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+MAKE_DIR := $(realpath $(dir $(lastword $(MAKEFILE_LIST))))
+
+include $(MAKE_DIR)/config.mk
+
+SRCS=\
+     ../common/Dockerfile \
+     ../common/.dockerignore \
+     ../common/db.py \
+     ../common/utils.py \
+     *.py \
+     *.txt \
+     ../../github_api
+
+PYTHONPATH=$(abspath $(PWD)/../common):$(abspath $(PWD)/../../)
+export PYTHONPATH
+
+BUILD_DIR=$(PROJECT_NAME)-build
+
+build:
+	rm -rf $(BUILD_DIR)
+	mkdir $(BUILD_DIR)
+	cp -a $(SRCS) ./$(BUILD_DIR)/
+	find $(BUILD_DIR) -name '*.pem' -delete
+	find $(BUILD_DIR) -name '*.pyc' -delete
+	find $(BUILD_DIR) -name '.*.sw*' -delete
+	find $(BUILD_DIR) -type d -empty -delete
+	find $(BUILD_DIR) | sort
+	cd $(BUILD_DIR); gcloud --project=$(PROJECT_ID) \
+		builds submit \
+		--tag gcr.io/$(PROJECT_ID)/$(PROJECT_NAME)
+
+.PHONY: build
+
+SECRETS_ENV=CLIENT_ID CLIENT_SECRET APP_ID
+SECRETS_CENV=CLIENT_TOKEN
+
+SECRETS_CMDLINE_ENV=$(shell echo $(SECRETS_ENV) | sed -e's/\([^ ]\+\) \?/\1=$(SECRETS_PREFIX)_\1:latest,/g' -e's/,$$//')
+SECRETS_CMDLINE_CENV=$(shell echo $(SECRETS_CENV) | sed -e's/\([^ ]\+\) \?/,\1=COMMON_\1:latest,/g' -e's/,$$//')
+SECRETS_CMDLINE_PEM=,/keys/app.private-key.pem=$(SECRETS_PREFIX)_CLIENT_KEY:latest
+
+deploy:
+	gcloud --project=$(PROJECT_ID) beta \
+		run deploy \
+		$(PROJECT_NAME) \
+		--image gcr.io/$(PROJECT_ID)/$(PROJECT_NAME) \
+		--platform managed --region=$(REGION) \
+		--allow-unauthenticated \
+		--set-env-vars PROJECT_ID=$(PROJECT_ID),CLIENT_KEY=/keys/app.private-key.pem \
+		--service-account=$(SERVICE_ACCOUNT)@$(PROJECT_ID).iam.gserviceaccount.com \
+		--set-secrets=$(SECRETS_CMDLINE_ENV)$(SECRETS_CMDLINE_CENV)$(SECRETS_CMDLINE_PEM)
+
+.PHONY: deploy
+
+DATASTORE_EMULATOR_HOST=localhost:8081
+db:
+	gcloud beta emulators datastore start

apps/common/index.yaml

@@ -0,0 +1,6 @@
+indexes:
+- kind: Token
+  properties:
+  - name: login
+  - name: created
+    direction: desc